Law: The Data Protection (Bailiwick of Guernsey) Law, 2017 ('the Law') and The Data Protection (Commencement, Amendment and Transitional) (Bailiwick of Guernsey) Ordinance, 2018, ('the Ordinance')
Regulator: The Office of the Data Protection Authority ('ODPA')
Summary: Guernsey is not a member of the European Union, and therefore not subject to the GDPR. However, on 25 May 2018, it adopted the Law which is based on, and has a similar effect to, the GDPR. The Law establishes the ODPA as the supervisory authority, which is overseen by the Data Protection Commissioner, an independent public official appointed by the States of Guernsey to enforce data protection legislation in the Bailiwick. The ODPA is an active regulator, frequently publishing guidance on issues such as Data Protection Impact Assessments and children's consent, as well as monthly newsletters. The ODPA's Strategic Plan 2019-2022 outlines that the ODPA has adopted a strategy aimed at predicting and preventing data protection harms and ensuring that ODPA's detection and enforcement of activities are proportionate and effective, rather than focusing on the imposition of fines. The European Commission has recognised Guernsey as providing adequate protection for transfers of personal data to and from the EU.